Support ANZx teams in achieving operational effectiveness by aligning and collecting evidence against controls.
Assist Security Partners and Assurance teams in identifying opportunities to automate evidence collection.
Provide technical advice on implementing security configurations, such as Network policies, IAM, API authentication, and other Cloud components.
Help teams design secure CI/CD pipelines.
Support Security Partners in analyzing vulnerabilities and Pen-test findings affecting non-application-code-specific aspects of the solution.
Define policies as code in assurance tooling.
Run proof of concepts for new security tools and implementations.
Collaborate with ANZx or other ANZ security engineers and penetration testers to develop abuse cases and threat models.
Required Skills And Experience
7+ years of experience with at least one major cloud platform (GCP, AWS, or Azure) and knowledge of Cloud well-architected framework.
Applied knowledge of one or more security frameworks (e.g., NIST, CIS).
Experience in setting up GitOps, CI/CD, monitoring, incident management, and troubleshooting.
Ability to understand vulnerability findings and contribute to triage and action recommendations.
Experience working on codebases in an enterprise setting, including managing various libraries and dependencies (e.g., Java, Golang, Rust, C#, C/C++, Clojure).
Background in cloud engineering with knowledge of security requirements for the cloud.
Understanding of software development lifecycle, CI/CD tools, and performing code reviews.
Ability to write policy and automation as code.
Research and analytical skills to identify new security automation opportunities.
Ability to consume and understand detailed security requirements.
Effective communication skills with both security and non-security stakeholders.
Enthusiasm for learning and sharing new security and technical opportunities.
